The world has changed
The COVID-19 pandemic has created unprecedented challenges for organizations around the world. With millions of people suddenly working from home for the first time, companies need ways to ensure productivity, connectivity, and security—quickly.
This mid-year update to Businesses @ Work looks at the data from the Okta Integration Network (OIN) to understand how organizations are employing new apps and increasing adoption of existing technology to improve productivity and secure their remote workforce during this unique crisis. Our network now includes nearly 8,000 customers and over 6,500 integrations with cloud, mobile and web apps, and IT infrastructure providers.
WFH: More apps and tools, more comfy pants
Each month we see an overall uptick in the number of apps deployed as companies adopt more tools to get work done. Other than a typical dip in December around the holidays, our total number of unique users tends to rise steadily as well. Between this February and March, that uptick grew substantially as more users adopted new functionality. We see growth in two major areas: collaboration tools, especially video conferencing apps, and network security tools such as VPNs that extend secure access to remote workers.
Our fastest growing apps were determined by the percentage increase in the number of unique users who logged in at least once during a 30-day period ending March 31 compared to a 30-day period ending February 29. Note that our data looks primarily at workforce usage.
Video conferencing has suddenly become pervasive in our lives: not only do home-based workforces need it to be productive, but families are using video conferencing to stay in touch, friends are scheduling get-togethers, and both educational and extra-curricular classes are moving online. So it will probably come as no surprise that three of our top seven fastest growing apps are video conferencing tools. Zoom was the fastest growing app in the OIN with an amazing 110% growth in unique workforce users in March over February 2020. (For comparison, Zoom grew only 6% during that same time period in 2019.) RingCentral ranks at #6 with 39% growth, and Cisco Webex takes #7 with 37% growth in that same month-over-month period.
Network security and performance tools share the spotlight. Palo Alto Networks GlobalProtect showed 94% growth in March over February, compared to 20% for that same period in 2019. Cisco AnyConnect was close behind with 86% growth. These VPN tools provide security and ensure business continuity as organizations move workforces to the cloud at scale. Citrix ADC, which accelerates application performance and secures apps from attacks, had 56% month-over-month growth in that same period.
Proofpoint Security Awareness Training was the fifth fastest growing app, with 40% growth in March over February, indicating that companies aren’t just scrambling to get everyone up and running remotely—they are taking the extra step to protect their organizations’ notoriously weakest link, human error. Proofpoint also appeared at #10 with 22% growth, representing the increased usage of their Proofpoint Protection Server, Proofpoint Secure Share, and Proofpoint Threat Insight Dashboard products.
An unexpected transition to working from home often requires a new set of problem-solving skills. Many users are turning to Freshservice for their cloud-based IT service desk solution: between February and March of 2020, the number of unique users grew 25%. And LinkedIn Learning experienced 23% month-over-month growth, showing us that users are expanding their skill sets and possibly using this time to invest in themselves.
We took a closer look at our fastest growing apps and tools to see how the percentage growth of unique users changed day by day from late February through March, looking for a correlation between the growing impact of the pandemic and users’ behavior. We used a 28-day comparison to ensure weekdays are always compared to weekdays.
Looking at typical weekday login cycles, we estimate that Friday, March 6, 2020 was the last day of “normal” app usage, before user activity was affected by the pandemic. We see an upward trend beginning on Monday, March 9, 2020 for many apps, especially the six featured above.
AnyConnect and GlobalProtect had the biggest peaks in increases in unique users when compared to 28 days prior. AnyConnect had peak days of growth on March 23 with 224% growth, and on March 30 with 238% growth. GlobalProtect showed peaks of 232% and 233% growth on those same days, respectively. Zoom’s largest increase came on March 23 with 238% growth, with a second peak of 211% on March 30.
Many factors have impacted the number of logins during this period of time, but we noticed that specific moments in time, such as government-issued social distancing directives, correlated to jumps in usage. By Monday, March 16, many European countries had announced lockdowns; we saw a sharp increase in unique user logins, especially for AnyConnect, GlobalProtect, and Zoom, compared to the previous Monday. On Friday, March 20, California began a shelter-in-place directive, and New York asked nonessential businesses to close. By the time the UK announced lockdowns on Monday, March 23, AnyConnect had seen a 161% increase in unique users over March 9, GlobalProtect had seen a 168% increase, and Zoom had seen a 152% increase.
After seeing the significant change in the percentage of unique users accessing these apps each day, we were interested in “double clicking” on the number of daily logins for the three top apps: AnyConnect, GlobalProtect, and Zoom. We compared the data from January 13 through March 31, 2020, against the same period in 2019. All three apps had similar trend lines, with steep growth after March 13.
As organizations plan to onboard large numbers of employees to work remotely with uninterrupted access and a seamless user experience, rapidly scaling secure remote access capacity is key. GlobalProtect extends network security to endpoints to protect an organization’s mobile workforce, regardless of location.
Zoom had already surpassed Cisco Webex to become the top video conferencing tool in our network by 2018, and the app showed a meteoric rise in our 2020 Businesses @ Work report. Zoom has become a go-to tool not just for remote workforces, but as a way to maintain relationships and commitments outside of work as well.
Organizations are reacting quickly to secure their employees at home. AnyConnect simplifies secure endpoint access and provides the security necessary to help keep organizations safe and protected. A remote workforce can be scaled rapidly and protected whether employees are working on company laptops or personal mobile devices.
Security: now more than ever
Attackers are trying to take advantage of the chaos around the COVID-19 pandemic by launching a flood of phishing and identity attacks. Barracuda researchers have observed a 667% increase in spear-phishing attacks since the end of February 2020. Even the FBI has issued a warning about an increase in fraud schemes due to the pandemic. Next Caller reports that about 32% of 1,000 surveyed Americans believe they've already been targeted by fraud or scams related to COVID-19, and the company predicts “a second wave of fraud will leverage broadscale confusion and the sheer volume of activity...to prey on desperate individuals and overwhelmed businesses.” Add in a nation waiting for stimulus checks, and opportunities abound for deception. With the traditional perimeter gone, companies need to protect their workers and customers more than ever.
Evolving attacks leverage fears and changes in behavior
Proofpoint, an Okta partner, has observed the rapid rise of COVID-19 lures. Threat actors are actively using COVID-19 social engineering themes to try to take advantage of remote workers, health concerns, stimulus payments, trusted brands, and more. As the pandemic has occurred over a number of weeks, and remains an area of concern worldwide, the overall collective volume of lures only continues to increase.
This winter, attackers have shifted very quickly from holiday-based lures to COVID-19 lures. Attacks come in many forms. For example, in a business email compromise, the sender may request “urgent” help under the guise that the sender’s town is locked down. Attachment threat emails may look like an internal office email with instructions to download an attachment about how to stay safe from the disease. URL-based threats also may look like an internal office email requesting employees fill out a survey about disease awareness, or register for a “mandatory” seminar. COVID-19 was used in conjunction with well-known brands and entities such as financial institutions and technology companies, as well as more specific brands such as the World Health Organization (WHO).
As we have seen in data from the OIN, video conferencing adoption as a whole has increased considerably, so it’s no surprise attackers are trying to leverage these top apps. Since March 27, 2020, Proofpoint researchers have observed an increase in video conferencing company-themed attacks seeking to steal credentials and distribute malware. These attacks do not leverage or attack video conferencing software directly: threat actors are using the names and brands of these video conferencing companies as themes in their social engineering lures, which lead to the theft of various account credentials, malware distribution, or credential harvesting for these spoofed video conferencing accounts.
While all industries have been targeted, Proofpoint has seen specific targeting of healthcare, education, manufacturing, media, advertising, and hospitality organizations in certain attack campaigns.
Users ramp up Multi-Factor Authentication for protection
As more and more people work from home, organizations are using Multi-Factor Authentication (MFA) to ensure their remote workforce has secure access to company data. In the past month, we've seen especially large upticks in certain factors. Okta Verify (including Okta Verify with Push notifications) has shown the most growth in the percentage of unique users per day, hovering at around an 80% increase over 28 days prior. SMS, voice, Google Authenticator, Symantec VIP, and YubiKey have all had a roughly similar growth trajectory. Our customers are reacting quickly and implementing the factors that are easiest to deploy: “some MFA is better than none.” Our annual Businesses @ Work data tells us that many customers, especially newer customers, will migrate to using fewer but stronger factors.
Now, and looking forward
Our customers around the world have reacted to the pandemic quickly, rolling out remote communication apps, extending VPNs, and adding MFA to ensure the productivity, connectivity, and security of their (now) remote workforces. This first phase of evolution enables remote work so companies can thrive.
Once the dust settles, we believe companies will be ready to face a second phase of evolution, adding apps and tools that will not just enable remote productivity, but enhance what will likely become a “new normal” of dynamic work.
To create our Businesses @ Work reports, we anonymize Okta customer data from our network of thousands of companies, applications, and IT infrastructure integrations, and millions of daily authentications and verifications from countries around the world. Our customers and their employees, contractors, partners, and customers use Okta to log in to devices, apps and services, and leverage security features to protect their sensitive data. Our customers span every major industry and vary in size, from small businesses to enterprises with hundreds of thousands of employees or millions of customers. As you read this report, keep in mind that this data is representative of Okta's customers, the applications we connect to through the Okta Integration Network, and the ways in which users access these tools through our service.
We have worked carefully to standardize our data. Unless otherwise noted, this report presents and analyzes data from January 13, 2020, to March 31, 2020. When looking at daily trends, we look at data from weekdays, excluding weekends.
This report looks at apps deployed for corporate and personal use. Unless otherwise specified, the data included in this report is limited to Okta customers that have deployed at least one app through the Okta Integration Network.